Frequently Asked Questions

CATALYIT + TRAVA

Your Cyber Insurance Sales Assistant

Common Cybersecurity Questions

What are cyber vulnerability scans?

A cyber vulnerability scan, also known as cyber vulnerability assessment, is a systematic review of a company’s digital infrastructure (the computers, systems and networks). Vulnerability scans identify weaknesses and misconfigurations in this infrastructure and can help a company to fortify defenses against cyber attacks.

What are common cyber security vulnerabilities?

Common vulnerabilities include misconfigurations, unsecured APIs, and unpatched software.

Misconfigurations: Many applications require manual configuration, a process prone to error. It is important for organizations to automate the configuration process to reduce the risk of human error.
Unsecured APIs: APIs (application programming interfaces) provide a digital interface for applications to communicate with each other. APIs are one of the few assets with a public IP address. If not adequately secured, they can become an easy target for attackers to breach.
Unpatched or outdated software: Software vendors periodically release updates to add new features and functionalities or patch known cybersecurity vulnerabilities. Unfortunately, because of the sheer volume of updates from different software providers it can be easy to fall behind on updates and patching, or miss a new release entirely. Unpatched or outdated software often makes for an easy target for cybercriminals.

What are some common cyber threats?

Social Engineering: Any network is hackable if an employee can be duped into sharing access. Over 75% of targeted cyberattacks start with an email.
Third-Party Exposure: Vendors, clients, and app integrations with poor security can provide access to an otherwise well-protected network.
Configuration Mistakes: Even professional security systems more than likely contain at least one error in how the software is installed and set up.
Poor Cyber Hygiene: “Cyber hygiene” refers to regular habits and practices regarding technology use, like avoiding unprotected WiFi networks and implementing safeguards like a VPN or MFA. Just 34% of Americans change their passwords regularly, and only 45% change their passwords after a data breach.
Cloud Vulnerability: Online data storage and transfer provide increased opportunities for a potential hack.

Why should a small business have cyber insurance?

Cyber insurance is a critical component of risk management for small businesses in today’s increasingly digital and interconnected world. It provides financial protection, resources, and expertise that can be invaluable in the event of a cyber incident.

Key reasons for cyber insurance include:

Increasing Cyber Threats: Small businesses are often targets of cyberattacks because they may not have the same level of security infrastructure as larger corporations.
Financial Protection: The costs associated with a cyberattack can be substantial, which can be financially crippling for a SMB. Costs can include expenses for data recovery, legal fees, public relations efforts to mitigate reputation damage, and fines or settlements if customer data is compromised.
Data Breach Consequences: Many small businesses handle sensitive customer data. A breach can lead to significant legal and financial consequences.
Business Continuity: A cyber incident can disrupt business operations, leading to lost revenue and eroding customer trust. Insurance can help cover lost income during downtime and assist with the costs of restoring operations.

What are some tips to sell cyber insurance to SMBs?

Use everyday language: Business owners want to understand the basics: What are the issues? How might this affect me? Why should I take action? Communicate in clear, simple terms. Avoid technical descriptions and unnecessary detail. Use everyday language to explain the risks and potential impacts of cyber crime on customers’ operations and bottom lines. Provide an overview of common cyber attacks, their frequency, and their impact.
Explain the risks with tangible examples: Clients should understand how the variety and prevalence of cyber risks means potentially greater risk for their business. Many small business owners think they’re not at risk because of their size, when in fact threat actors increasingly target small businesses using automated attacks. And many business leaders aren’t aware that nearly half of small business attacks originate with human error. Or that ransomware attacks often involve significant extortion losses. Or that cyber breaches compromising personal identifiable information (PII) can lead to privacy violations and lawsuits.
Explain the value of cyber insurance: Business owners want to make sound financial decisions. Illustrate the typical costs of cyber attacks related to stolen funds, lost business income, extortion, and equipment replacement — as well as the response costs such as technical, legal, and public relations expenses. The cumulative costs of a cyber attack can be devastating for a small business. Show how a cyber policy covers these costs, and helps companies quickly restore operations and protect their reputations.
Explain the coverages and what they mean: Cyber policies offer a broad scope of coverage, from network liability to business interruption. Using basic terms, help your client understand what these various coverages mean. Explain when they might come into effect and offer examples of what they provide. Point out the distinction between first-party and third-party claims, to underscore that cyber insurance can cover customer losses as well as business losses.
Highlight additional services: Most cyber policies offer benefits beyond traditional coverage. For example, risk assessment provides ongoing protection to identify risks and prevent issues from becoming problems. Many carriers provide in-house incident response teams and cyber claim experts so policyholders can recover faster with minimal business impacts.

What steps can a small business take to prevent cyber incidents?

It is essential for small businesses to prioritize cybersecurity measures due to limited resources. The three most critical steps SMBs can take to prevent cyber incidents are:

Employee Training and Awareness: Regular training sessions on cybersecurity best practices, recognizing phishing attempts, secure handling of sensitive data, and importance of reporting suspicious activities.
Implementing Strong Access Controls and Use of Multi-Factor Authentication (MFA): Enforce password policies and use MFA for all critical systems and applications, especially those accessible via the internet. Restrict access to sensitive data and systems to only those employees who need it for their work (principle of least privilege).
Regular Software Updates and Security Patching: Establish a routine for regularly updating all software, including operating systems, applications, and security tools. Enable automatic updates where possible, and prioritize patches for known vulnerabilities, especially in widely used software.

While there are many other important practices, focusing on these three steps can significantly decrease the likelihood and potential impact of a cyber incident.

Common Trava Questions

How do I access Trava?

You must be a Catalyit subscriber and have less than 75 employees. If you have 75 employees or more, please contact Trava directly to gain access to the platform.

I've activated my free Prospecting account. How do I sign up for the Underwriting or Risk Management modules?

You can upgrade and purchase the Underwriting or Risk Management modules from the Catalyit + Trava Onboarding page. You will need to be a Full Access subscriber to access these modules, so an annual subscription will be added to your order based on your state and Big I association membership.

What benefits does Trava offer to insurance agents?

Agents can leverage Trava’s platform to offer tailored cybersecurity advice to their clients. With the Trava tools, agents can help their clients understand their cyber risk profile, enhance their risk management capabilities, and ensure they have appropriate cyber insurance coverage. Agents have the ability to differentiate themselves in a market that often views insurance as a commodity.

What modules are available in the Trava platform?

There are three distinct modules in the Trava platform:

Prospecting: Get help with prospecting new clients and grow your cyber insurance book by running Cyber Checkup Reports.
Underwriting: Get under the hood of your clients cyber posture and see where the gaps are. Run the full suite of external vulnerabilities reports and complete security control survey frameworks together with your clients to get a better picture of their cyber insurance readiness.
Risk Management: Manage your client’s cybersecurity risks with external and internal vulnerability scans, and ongoing monitoring.

What is a Cyber Risk Checkup?

Trava’s Cyber Risk Checkup is a rapid assessment that checks the external security perimeter of a client for key gaps. It includes a port scan, certificate scan, and data breach scan. It is part of the Prospecting module. An agent can run the Cyber Risk Checkup by simply entering the domain name that you’d like to scan. The Cyber Risk Checkup can be used to assess where your client is most vulnerable, explain your clients’ cyber liabilities and demonstrate the need for cyber insurance.

What types of vulnerability scans are available through Trava?

Trava provides a suite of external vulnerability scans that reveal system weaknesses and security issues by looking at a company from “outside-in”. Examples of external scans: Port scan, certificate scan, data breach scan, perimeter scan and web application surface scan.

Trava also offers internal vulnerability scans to identify known vulnerabilities, misconfigurations and check the efficacy of existing security measures. Examples of internal scans: Cloud scan, MFA (Multi Factor Authentication) scan, web application scan, agent (endpoint) scan and Microsoft 365 scan.

What security control frameworks are available through Trava?

Security control frameworks are technical questionnaires to assess whether a client has the security controls in place that are required to obtain cyber insurance.

Examples of control questions include:

Do you employ Multi-Factor Authentication on important access?
Do you back up your critical data and periodically test your ability to recover it?
Do you conduct monthly user awareness training and phishing exercises?

By working through this security control framework, in parallel to running vulnerability scans, an agent can be proactive and help his client to identify gaps in the company’s security posture – and potentially closing these gaps – before sending out a submission to a carrier in order to get the best insurance coverage possible.

Trava Platform Walkthrough

Trava Modules & What's Included

Features	Prospecting	Underwriting	Risk Management
Catalyit Subscription	Basic or Full Access	Full Access	Full Access
Number of Client Organizations	Unlimited	$500 / 10 Clients	$2,500 / 10 Clients
API Access Ability to interface with the platform's external API for integrated and automated workflows
Custom Branding
Reporting
Customer Success
Training
Custom Surveys	Add-On	Add-On	Add-On
Customized Reports (up to 3 per year)	Add-On	Add-On	Add-On
Critical Controls Survey Covers top 10 cybersecurity controls companies should have in place to protect their assets from cyber attacks
Cyber Risk Checkup Rapid external scan of public domains to identify rudimentary security issues
Port Scan Scan for publicly exposed network ports on multiple targets
Breach Scan Scan the web for any indications that you have been breached in the past
Certificate Scan Review of certificates used on your websites to validate secure communication
DNS Scan Scan domains and associated sub-domains for security misconfigurations; DNS is essential for emails to work
Perimeter Scan Scan of external IP addresses for your infrastructure
Web App Surface Scan Scan the public surface of any web application
IP Attribution Ability to determine if an IP address belongs to you or a 3rd party provider for the purposes of remediating vulnerabilities
Subdomain Enumeration An enhancement that allows our scans to identify all subdomains associated with the provided website domain
Cybersecurity Framework Surveys e.g. Insurance Readiness, HIPAA, SOC 2
Underwriting Applications
Cloud Scan Analyze public cloud configurations (AWS, Azure, GCP) to identify configuration issues that could lead to security vulnerabilities
Web App Scan Scan web applications for security issues/vulnerabilities, and to test for conditions that indicate security exposures
Microsoft 365 Scan Analyze your Microsoft 365 environment to look for configuration issues that could lead to security vulnerabilities
MFA Scan Identify to what extent, if any, your client has MFA (Multi-Factor Authentication) enabled throughout their organization
WordPress Scan Scan your clients’ WordPress environments to identify vulnerabilities in the core platform, custom code, and plugins
Endpoint Agent Scan Scan remote devices such as laptops to detect security vulnerabilities
Internal Vulnerability Scan Run internal scans of your network to find security vulnerabilities

Cybersecurity Articles

Navigating the Impact of AI in Cybersecurity

Trava explores how AI's promise in enhancing cybersecurity is matched by the imperative of human oversight and vigilance, ensuring a secure digital landscape amidst evolving threats and ethical concerns.

A Complete Guide to Vulnerability Scan Types

This guide, presented by Trava, provides a description of each vulnerability scan type, key insights learned from each scan, and recommended frequency for running each scan.

A Comprehensive Guide to Cyber Insurance

This guide, presented by Trava, was designed to empower insurance agents with the tools they need to navigate the intricacies of cyber insurance successfully.